WWW daddy Sir Tim Berners-Lee stands up for end-to-end crypto

It's settled then, he has spoken

Sir Tim Berners-Lee has criticised plans to weaken encryption or extend surveillance in the wake of recent terrorist attacks.

Days after the attack on Westminster that claimed the lives of three pedestrians and a police officer, Home Secretary Amber Rudd said there should be no safe space for terrorists to communicate online. The comments came after it emerged that attacker Khalid Masood had checked WhatsApp – which offers end-to-end encryption – two minutes before ploughing an SUV through pedestrians on Westminster Bridge then leaping out and fatally stabbing an unarmed policeman standing guard at the gates of the Houses of Parliament.

Weakening encryption would be a mistake, according to Sir Tim. "If you're trying to catch terrorists, it's really tempting to demand to be able to break all that encryption but if you break that encryption then guess what – so could other people, and guess what – they may end up getting better at it than you are."

Sir Tim made the comments to the BBC in a wide-ranging interview1 following his Turing Award win, a prestigious gong sometimes described as the Nobel Prize of computing. His criticism against weakening encryption parallel those of other security experts.

The Home Secretary has reportedly invited tech bosses from Google, Microsoft, Twitter and Facebook to a summit to discuss encryption and its national security implications.

David Emm, principal security researcher at Kaspersky Lab, noted that tech firms are "unlikely to be happy about switching to a 'snoopable' form of encryption – as illustrated by the stand-off between Apple and the FBI last year".

The terrorist attack in Westminster has renewed the debate about the use of end-to-end encryption by messaging services such as WhatsApp. Rudd has appealed to tech companies to provide a way for government to inspect the communications of those suspected of criminal activity, for example terrorists. Other politicians have even called for a blanket ban on end-to-end-encryption.

Both of these approaches are flawed, according to Emm.

"The requirement for application vendors who use encryption to provide a way for government or law enforcement agencies to 'see through' encryption, poses some real dangers," Emm said. "Creating a 'backdoor' to decipher encrypted traffic is akin to leaving a key to your front door under the mat outside. Your intention is for it to be used only by those you have told about it. But if someone else discovers it, you'd be in trouble.

"Similarly, if a government backdoor were to fall into the wrong hands, cybercriminals, foreign governments or anyone else might also be able to inspect encrypted traffic – thereby undermining not only personal privacy, but corporate or national security. It would effectively create a zero-day (i.e. unpatched) vulnerability in the application." ®

Footnote

1Sir Tim is also against weakening net neutrality, opposes laws that would allow US ISP to broker sales in users' data (such as surfing history) and in favour of combatting fake news.